Microsoft's decision to introduce security features that will break many old applications with XP SP2 has been praised by the information security community. XP SP2 is a major security upgrade for Windows XP, and some of the fixes will be incompatible with existing applications, especially ones that were 'sloppily' written.
Microsoft has a knowledgebase article listing about 40 of the over 200 programs known to be affected, and how to workaround the problems.
Understandably, Microsoft's explanation of SP2 contains a lot of "spin" - they can hardly say, "We've been screwing up security for years, this will improve things, but it is going to hurt." Instead, SP2 will provide a "Better user experience". The "Guiding Principles" for SP2 are:
- Secure by Design
- Secure by Default
- Secure by Deployment
These are excellent principles; it might have been better to make them rules, not just guides. Overall, SP2 is a great improvement and big step on Microsoft's path to becoming security-focussed. But it is only one step, and already a security flaw in SP2 has been reported.